web-screen.com/img/plug.jpg
104.21.20.132200 OK 14 kB URL GET HTTP/2 web-screen.com/img/plug.jpg
IP 104.21.20.132:443
Certificate IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced
Hash 6448aca5739995f3b9c1b3c5e50ce7a0
f50fa07327f55f864a42698fd8fa86270f35da9b
856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a
GET /img/plug.jpg HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: image/jpeg
content-length: 13510
last-modified: Mon, 29 Aug 2022 13:27:44 GMT
etag: "630cbed0-34c6"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QlOY9qaKCaAGoxtHNdU09x2vf7YBMRoYW7NprC5ibIv%2Bh4%2FpqhJ0X5%2BJA23ZByh7tcDAcXfgNuZcv3x5x8tsh7d0b%2FffPC%2FyM8q4KhC8eBRUsrvt2UeS1z62iceBg%2BYtCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61fe965688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
104.26.4.19200 OK 139 kB URL GET HTTP/2 surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito
Size 139 kB (139168 bytes)
Hash 4dac705158fb1ca226d583b3829f82a0
771b9299e1d5d4239c032c7d4243a6f9343f89c4
7acb3e456d98d55be401bb07a32c9cb04e074de37bd58932b11bcf0fe9f59ab0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: application/octet-stream
content-length: 139168
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-21fa0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2502
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncmJCSPD%2BYtzz2KlYxStNt7FBOBPbs6IG8L%2B7U%2FXm3SswuheXofLJnVyu0Vizc1o3KMCdwVnjkv7hB4B9mo1wlKJoy%2Fi6pISCT8OQMVOlUGUnn50VVVTqjQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c631adbb50b-OSL
X-Firefox-Spdy: h2
surl.li/fonts/roboto/Roboto-Regular.ttf
104.26.4.19200 OK 130 kB URL GET HTTP/2 surl.li/fonts/roboto/Roboto-Regular.ttf
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt
Size 130 kB (129584 bytes)
Hash afe8eacfc0903cc0612dc696881f0480
ba879317acdc045b8fa78cb8f948650627d0477c
7277cfb805def6410f317129b8e1f78bdd47d1a4e24c233077d06e88a36e57ae
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/roboto/Roboto-Regular.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: application/octet-stream
content-length: 129584
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-1fa30"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2502
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYxKslKiRyDbj1XEvXxPUYNhj5qBZj3UPQWDbP10kv58JUrYl7XwAOXdTYmyLRBy%2Byy%2FqjUwDn2fAlpcftFCALe2ngOsEX84gqP5ale0lSS9cGfwhmHUBAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c632ae2b50b-OSL
X-Firefox-Spdy: h2
surl.li/fonts/rubik/Rubik-Medium.ttf
104.26.4.19200 OK 116 kB URL GET HTTP/2 surl.li/fonts/rubik/Rubik-Medium.ttf
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409
Size 116 kB (116056 bytes)
Hash 4dd3023b03ba2b68d4b9da9176b7285a
d734c149587c12d9083c03bc90009c84b52aec78
ce40d27c6c90b990229510c46115ec852237276e1aa09cdebffc6ae085b1d1e2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/rubik/Rubik-Medium.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: application/octet-stream
content-length: 116056
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-1c558"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2502
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWYcKuHxYqnW9ZqWrkdaMYNr%2BcA0hhE44Z671AoSZvkVTlOd5fKrPAmkxuZy12gJSkxRuVa8GtwtGPYYKbvHvJ7qGx0hybh0zW%2BgHfKQVqhkSCTmy5nCuek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c633aecb50b-OSL
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://surveyheart.com/form/6607de29c542af6405c835f6
142.250.74.164301 Moved Permanently 366 B URL GET HTTP/2 www.google.com/s2/favicons?domain=https://surveyheart.com/form/6607de29c542af6405c835f6
IP 142.250.74.164:443
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73
ValidityMon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash 772697da15132bdd8e4a6f14ccc221c8
ef1b85efc31efc1cd05966429340afc88d12ff22
74a812eb2cbee61c93f3da83ab32f2db1b7dfd65a0c337326d1dfb6665742f86
GET /s2/favicons?domain=https://surveyheart.com/form/6607de29c542af6405c835f6 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://surveyheart.com/form/6607de29c542af6405c835f6&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 24 Apr 2024 07:03:51 GMT
expires: Wed, 24 Apr 2024 07:33:51 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 366
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
web-screen.com/storage/screenshots/2024/03/e461e70c-92ea-4226-927b-ddb9ffb396c0.png
104.21.20.132200 OK 17 kB URL GET HTTP/3 web-screen.com/storage/screenshots/2024/03/e461e70c-92ea-4226-927b-ddb9ffb396c0.png
IP 104.21.20.132:443
Certificate IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced
Hash fba1098c73c903ab293fad390c0fd6e8
b3b1b8915c33030de1c7d37582eb4b2f82dc1ae5
c43b162abc0b148b76d3449ce34689bf74dba033e3fe9689a29809d9c9079b5a
GET /storage/screenshots/2024/03/e461e70c-92ea-4226-927b-ddb9ffb396c0.png HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 07:03:52 GMT
content-type: image/png
content-length: 16796
last-modified: Sun, 31 Mar 2024 08:08:11 GMT
etag: "660919eb-419c"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRzv3PiqgieSiLB4LkHCXRsQYYkKUEqa1Vi74n%2FpuAy9VeEjvNDSrPGjLdeMR%2ByMUAL0ek8KETZdr3tn%2F3BNcBxOFDdF3MthV838nm9McTFtXwPP8fNhMI4b9sd9ed8NFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c654d530b65-OSL
alt-svc: h3=":443"; ma=86400
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://surveyheart.com/form/6607de29c542af6405c835f6&size=16
142.250.74.164200 OK 351 B URL GET HTTP/3 t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://surveyheart.com/form/6607de29c542af6405c835f6&size=16
IP 142.250.74.164:443
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint70:CC:1A:8A:58:6C:1F:6D:43:AE:66:75:89:F7:99:7B:BC:7A:74:2D
ValidityMon, 18 Mar 2024 19:37:19 GMT - Mon, 10 Jun 2024 19:37:18 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash 78895401ab968eea84c51c7a982f8bad
8c41248634ed3672824e0d09e45f2c45f37483d3
c0c95d77a40fa5c9dbc1d6b7c1e17a85d9ad171ad2e916bf670e94b1a946fac8
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://surveyheart.com/form/6607de29c542af6405c835f6&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surl.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://surveyheart.com/images/favicon.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 351
date: Wed, 24 Apr 2024 07:03:52 GMT
expires: Wed, 01 May 2024 07:03:52 GMT
cache-control: public, max-age=604800
last-modified: Fri, 17 May 2019 13:41:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
surl.li/js/preview.js
104.26.4.19200 OK 33 kB IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65469)
Hash d6cc50ebd8325127ffa10f492624d26c
6ad43cb17ca53d08d360e0bcfe9e909f694f2c86
9d6dfd360ccbae2e81dc8f69b9c561e99e7034b0417b2a0bcbc85c2ff629ab6d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/preview.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-160f5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9WY7%2BeCZPvsMCXhmM9ZXsTm73ipPZlBb9%2FWtWBoKZdWkj2Zgos6O1z6XIoHBpXDcjHBLS3E5RaKBsZuyQNZ7%2FKIB%2BUJvZ%2FubZ8ZIv4XHmkyJWDyP7SCOPH4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61a9c3b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/gears-rouded-icon.svg
104.26.4.19200 OK 8.9 kB URL GET HTTP/2 surl.li/img/gears-rouded-icon.svg
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash aecbc06e12760ff4f4334696cb12f70f
479d2ba236eeb0c524d10d2681beaf890b154604
b08ee81fa51d661b5c24460f41bb2ee09eeb5157c9426c6b3b83d7ada262473d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/gears-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-e1f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bg9yPmCW%2Bn5glcfAqFwTx4y2Nr5YLmdw2tvvaXU%2BTyVy9Eml67gf6ln1N7UUo5aoOYp3tzjuoGcLPud%2BozhP8YJh4c%2BV67Xo82tIqGGord%2BiXwrV05wH3Gs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61a9beb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/pc-rouded-icon.svg
104.26.4.19200 OK 21 kB URL GET HTTP/2 surl.li/img/pc-rouded-icon.svg
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash 7005e41f692583c19abac0a7fd5b7c5f
bda49cd99401420d490a32f2f547e4ddd43b7300
2f9e711abfb70ec1515ded7f4c18c9208b1325f53b551698b90fa4664542ceed
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/pc-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-4f3e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=faOB3qcjs8EAJW7vy35LPLo26r2wWpL1%2F6T1a%2BPqFJoKHrcmfeg%2FAXxBFjtXfzxf25zmyDbipkPT2AWoymJ19FPZ3eeHCvmH%2B3LGrAGoujnsqBMMUaUUtck%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61a9bbb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/planet-rouded-icon.svg
104.26.4.19200 OK 5.5 kB URL GET HTTP/2 surl.li/img/planet-rouded-icon.svg
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash cf00d275a5654cc07016460a38be539b
cd9c598412e8458b0a281d8990934c8c6cc1e7f2
020cb7186e35ea89767786c09150f598251b2215a0308dbf6469e30d2ecca2bf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/planet-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-1574"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PnDq6c2DBBEGieb5Odc2gAw%2BT5e0Ci9YIOVs9POUwkwwugYiN2ZvNt4zesSctUtbMgdiW22m%2FixREF1t6Q84yWfAOcAunmHUoAGosH35WQK5hc%2BcqL%2FwL0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61a9bfb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/favicon.ico
104.26.4.19200 OK 15 kB IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Hash ec9741289f19f212fd2ffb2dda1df05c
9b97a75a795b848f086f75db50903dd15954a573
13c9447a56e92641eff376880ff848e6e8e25719f721421f9b276a9b152753d4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/favicon.ico HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: image/x-icon
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-3aee"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0p4RyBiiGVt7J2ykub1faniTtSzqkfLDsL32naQDQA1%2BjyLSAo3a0wtocDMTdTUE9Vy5v2nIOtOCh85eY2lUovxpXczR802bSTWS6wfhXrqUHci%2BcV69axE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c63bb4db50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/css/app.css
104.26.4.19200 OK 162 kB IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Size 162 kB (162128 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /css/app.css HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: text/css
last-modified: Tue, 09 Apr 2024 12:14:36 GMT
etag: W/"6615312c-27950"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HxNqKXpYrNx4tSUBmkhdtiVzMvnoWdSvnN3ap8m8E1RZKaVihrNZDWGaFBhMO9TU4uLo%2B%2FznhpxzA2fxeHHsN3iir%2FKEojra2Av0eQjo%2F3XFIq6MNSbo2G0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c6199adb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/img/surli-logo.svg
104.26.4.19200 OK 9.0 kB URL GET HTTP/2 surl.li/img/surli-logo.svg
IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type SVG Scalable Vector Graphics image
Hash a6c66a56180b7d114261675e99c458b4
29921fddbe47309a4f321915ce97662846749f86
809c31e1d758a8de21d7e56a016abe0128bf7ef591e8c6060695dea6ce294124
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/surli-logo.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-233d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9WUwRZctrKk8PxQiQRsNEl%2Fy2a36mI35PnwR72Po7v93AEbujfPxqDyiYAkuSzLqBVlEu%2Bu0BHJ80slakUoscq68Ggx8BvWlO5q%2FmXDwGTTyvzV75anpMs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61a9b5b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/js/app.js
104.26.4.19200 OK 191 kB IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Size 191 kB (190893 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js/app.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-2e9ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y6DwlUasrkbJtKdSJ6jN%2FtpyELH18U3CsILK3BWI7xPkYm6b8yRbZKCV%2FqotLLPmx7ZdBbmSv3uk9wvHQm71Zk015hz43Nm2uzC2GYk83w%2BU%2BP1xLXsNTEE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87943c61a9c1b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
104.26.4.19200 OK 13 kB URL User Request GET HTTP/2 IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbrkv HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 09:03:51 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 09:03:51 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PHkZn0saXl1sADb87zSstLsswmAV1kPpbvuEvYM62cLWJyeLfb9TEkD8pBkGeVwM28GEmBv80AfCTshdmhDCrGdAItlh2AHb%2F44W7TDfwmxsx3BkPcqyX%2BQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87943c5eef70b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/getMetaInfo
104.26.4.19200 OK 33 B IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 58b93b1d3d3ab3a33caf3da5cb0d8f98
d5a870ec77ec484c2da1e17515a6d9d3a6861378
da8d9536173d34fde03ecab3ea0adf665eebbe9d684ca266e8c5d32ec50e6c1b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /getMetaInfo HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: jTovz7Hd8OU6miWeZgiAnZGUKP2SPnmnLcIaB0Xv
X-Requested-With: XMLHttpRequest
Content-Length: 67
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:53 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjdGcWFIRHY2eGwwUVVuQytYcUlqUmc9PSIsInZhbHVlIjoiNGhqVlkzQS9vK3dvMktDNFIrM0Z2R0ZqZ0txYkxFcmNVWUl3K0JncVhBVEE2QXZGM0FySGthOWk0SkN5NU94M0c3Umt4VFE2OUhFOHhBS005T21IWmh5N0owWVkvRjRlQ3gxTjRFaFNpQ1lTeCtLS0hzTC9COFd5OW5oV01YY2UiLCJtYWMiOiI2ZTAwM2EwZGYwN2JmYjMxNmVmMzcyMTQyOGEyMDAyODdlOTY4NjBhMjc1YWJkODU2ZjdhYmU3MGY3MDgzYjY0IiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 09:03:53 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6Ii9vV3VmTjR1SytadDlRQWljTitkSGc9PSIsInZhbHVlIjoiQ1NHd1ZhMEx4Zk9MV1I1amp1VE04UXNSZGoxcGZjaldhWC92akRiVngyVFdZZE14RVFMb1dDTGRaWVNhNEI4b2IrSkU1anlZUm1hOWoybVppZXdIV2RyM2tPcGd6bkJ2cmNEV3FkR0JDZjlyNUVXMmloRzUzRnZycUpFeWNwVzciLCJtYWMiOiJiZTQxYjk5NjU2NGE2OTVhZTE0NmViNTFhNmNiMGNhNzViZjI0NDMxNWZkZDQ1NDllY2Q0ODhjMzExNTlhYmI0IiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 09:03:53 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FDSVY0ByTnfmsi%2FoC%2BLx07ZTudQCWj29Ihw7qU%2F%2FZtpAeSLzHBAVlU3FZU8xoVSGFS3nrHfRbd6Bm8dq6uRLvZ7XE4Hj8P1txML0xRdwqZELLvO93LSCWU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87943c63db6bb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
surl.li/getPreview
104.26.4.19200 OK 100 B IP 104.26.4.19:443
Certificate IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash dc0e3d4d1d860bd470101ff7d31a228f
2d7a1d4f84ee68d96bc1434b4b6a7613e397cd50
5eff4b7964b86e683ec9e448e760cdff2bad7be77a8a05e8b6e4b2f9cda7b43d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /getPreview HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: jTovz7Hd8OU6miWeZgiAnZGUKP2SPnmnLcIaB0Xv
X-Requested-With: XMLHttpRequest
Content-Length: 67
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/sbrkv
Cookie: XSRF-TOKEN=eyJpdiI6IlpjNGlJdWg2a3I0MVhSZUsrTVh5Q0E9PSIsInZhbHVlIjoiTTJJYTcwQWpDSElCczcrYnVlay82emxQNHZGWjNwdWFvSnVpV1VxQWRLazYvcDZlZHd2dkZFRS9yTVFLSTNiSi82REEybFM5cnZYUG40Qit6dll5QTJ4QlRrQ25jRkZweHpHQi9hZG1yK05sSndTcVJ5dDI1MVJ0NnhMR3M2TDUiLCJtYWMiOiIzNDY4MTU2YTkxMWRkZGE1ODYwMTljYWVmMDNhZWM1OWUzOWNmNWYwNjcyZTJhYTAyYTQ5N2E3MDM2OTUwMTcxIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Ik1IQUU3NjluWHdBV09PampnZ3ltY1E9PSIsInZhbHVlIjoiOU5zUHVzWG5PeTFrRFRpRGRlcS9LWjBWQmVCVk5FOHRKaGJlckg4VXU0dVB4empPclVyaDhtdWhNMmdpSUxvNUR1cG1zejM3ZjdSRTRMaTE4eVpicXlaeHZtWHlFVTROQ0JIUEZjRkpnb3FrZmFmeWp4cGtKcHlka3hKTGxiZ3YiLCJtYWMiOiJiMmVkNmYzZjhiMjI4NGFkMzk0ZGFiMGE1YTE4NzU1YmI2YzQ4YTNmZjhmNzQyMmZjZGU2ZDQ4ZjhjMDMwNTVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 07:03:51 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjE0Yko5enRBajNHRCtlY3VQQXU0aEE9PSIsInZhbHVlIjoiUUNqRStla0JHUUs5RHNWaW1kSTdIc3Rvazk1Y2w3V1NpMXRzNzY5VU9SL1Z2a24zNlpncmMvTkt6bmdyMDExbUxYbW9RVFREbTk5WG1KVmNwblpLWTdrak9lcHEzcU9tTDRFeko2aUdlY3RRV2EvSG43MmNMVEdmU3I3aTJsMnQiLCJtYWMiOiIxM2Q2MWQ3Mjk3MWY4ODVlZWIxZWI2YTQ4MGM4M2YyNWZjNWQ2ODdkNDAzZjhjZjk2MTA1ZTAwNzg3MWE0MjY0IiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 09:03:51 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IkZKL1I3ZWJGWGQwOHZoc0EyRlVqanc9PSIsInZhbHVlIjoiZzZoUkVPd21YVDV6dEdZTUJBRE5xU1NNcWFpZFJvSFdNYkxXR2QweWt4Q2lseTJqNlVCcUw2K255MmM1YnJxQWxXb0U5VVljRUtWaFI2RkRGd0JEVC9NaEt1NSs2aGpCVmZWYmVjVmNuTVZoR09HNnlDR2JDM0c0Z2FMR1hpUE8iLCJtYWMiOiJmZGI0NDNmODA5M2IwOGFkYzZkZjNkNjg5MGJjNjY3NzU0Y2NkZDUwNWQyMDc1ZDVkYTU5ZWMyYzBhZTRkM2I4IiwidGFnIjoiIn0%3D; expires=Wed, 24 Apr 2024 09:03:51 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7zULJ%2Fm%2F0ARgaJdBwF26jWYcttNsEW8elb9rUEs4AgprKYHefNEo4BwAFS25vpdLD04CZFvXqFoXyNOeZxqbpt4OHGT%2FcnWI3vwCbJTAUTKWETdZdFXDc0Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87943c63db66b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2